Mango

@an0n said:
is this a brute force challenge?

i’m also still quite stuck at the early stage, but if you referring to the credentials for vhost, it is sort of a brute force, but u probably have to write your own script and define some rules (eg: length of password, possible characters) to reduce the brute force’s scope.

Hi!

Here are my hints …

User:

1º It’s important to enumerate in this box, but Dirbuster won’t lead you where you need.

2º When you are starting with one HTB machine, it’s a good practice to try the Vhost (name of the machine) + .htb. In some instances, you might get additional Vhosts which are worth checking as well.

3º If you arrive to a login page, you are on the right path.

4º The mango is a word play related to the technology to research. Mango is not a mango, but is close to it.

5º Once you figure out the technology, research how you could exploit it. There are different articles on the Internet. One of those articles will give you an idea about how to proceed further.

6º My advice would be to play first with burp and the repeater, in order to get a slight idea about how to design your attack. Then, create your own script. This was the best part for me.

Root: Basic enumeration. It’s way easier than user, and I am sure you have solved other machines this way.

Thank you @MrR3boot

Rooted.Thx! Nice Box

Rooted finally :smiley: took me a few hours for initial shell but the rest was a walk in the park. Enum well, however dirb did not help me , keep it simple after initial shell , burp your way to these flags like a mongo

@MrR3boot Thanks again. Initial foothold and user was most work, luckily the “mango” has default features for enum. Root was an interesting new tool.

@MrR3boot This was the most fun box I’ve done so far. I learned quite a bit! Big thanks to @sudneo for some key help

user: If you’ve got creds but are frustrated because you aren’t the user you want to be, there is more than one way to login as a user

root: I suck at privesc, so if I can get it you can. Read the posts in this thread, the path has been given multiple times

PM if you need a nudge

@MrR3boot thank you - the headaches have stopped after smacking my head of the desk! Thanks to everyone that give nudges, lesson learned remember the basics.

So Root Dance!

@JadeWolf, @Hilbert, @Quacktop

still stuck at the login page, few suggestions are appreciated :slight_smile:

For anybody having trouble finding out whats running behind the curtain: after the new way has opened up for you, return to basic enumeration, there is something to be found if you follow the path.

For the next step, Listen closely to the responses you get, it’s not as blind as you may think it is. There are a few articles out there outlining the process.

Regarding root, looked up gtfobins for the thing I thought I found, unfortunately it didn’t work. Would be glad about any pointers ! Thanks

more nudge please I got HTTP/1.1 302 Found

I had fun with this box. I went down a hole and missed the obvious with root. Once I noticed the correct path it was a matter of minutes. PM for nudges.

Managed to get the Root Flag. Great box!

And thanks again for the nudge @Pir4t3

Got user yesterday and finally pwnt root this morning.
Getting user was a lot of fun.

Loved this box!

Stop bashing this machine please, not fun anymore. This box keeps come online and within 1 minute it’s unavailable again

It is an interesting machine, when people say that Mango is a words game, it really is, but don’t try to break your head trying brute force with combinations of this word or similar things, I did it was discouraging.

The escalation is very easy, there is a very clear hint in the folder of the second user

Thanks @Twypsy @MrR3boot :slight_smile:

@MrR3boot is there a kind of request limiter on the box?

Finally got logged in shell as user m**** with good help of @hlyblyhakr

Tomorrow hoping for a little more progress to own user…

The connection of this box is really wors though, keep dropping connection or is it just me?

Spoiler Removed

W00t w00t !

Thanks @JadeWolf for assisting me with the re**x syntax ive been losing my ■■■■ over that one :slight_smile:
Oh and I LOVED the box @MrR3boot , learned a ton here, cant think of a higher praise